My cart
Your shopping cart is empty
Privacy Policy
"………………………………" EOOD
(Notice regarding the processing of personal data)
Personal data administrator:
1. Name: "…………………" EOOD
2. EIC: ……………………..
3. Headquarters and address of management: ……………………………
4. Telephone: ……………………………..
5. E-mail address: ………………………..
6. Website: ……………………..
"………………………………." EOOD (the "Company" or the "Administrator") carries out its activities in accordance with the Personal Data Protection Act and Regulation (EU) 2016/679 of the European Parliament and of The Council of April 27, 2016 on the protection of natural persons in connection with the processing of personal data ("General Data Protection Regulation" or the "Regulation"). This "Privacy Policy" ("Privacy Policy" or "Policy") is intended to inform each Customer (as defined below) of the Company regarding the processing of data by which the particular Customer is or can be identified.
For the purposes of the Policy, "Customer" is any natural person who is a party to a contract with the Company for the purchase and sale of goods, as well as a natural person who has expressed a will to enter into pre-contractual relations with the Administrator and/or user of the Electronic Store ………………… , available on the Internet at the electronic address: ……………….., as well as a director, manager, representative, proxy, employee, partner, shareholder, beneficial owner of a legal entity or other legal entity using the Electronic Store.
1. What personal data do we process?
The Company processes, as a personal data administrator, the following groups of personal data of the Clients:
• Physical identity – names, social security number, address, telephone, e-mail address;
• Economic identity - bank account number information.
Personal data is collected by the Administrator from the persons to whom it relates.
2. How we collect personal data
We collect personal data:
• in the process of registration on the website of the Electronic Store and when using the Electronic Store without registration;
• when carrying out correspondence with the Client, which may include communication in written form, including electronic form and oral form;
• through cookies when using or browsing our website.
In some cases, we may also collect information from third parties or from public sources.
Our website collects data in log files. This information contains data about your IP address, Internet provider, the browser you use, your operating system, when you visited our website, the pages visited.
Our website uses cookies. "Cookies" are small files with information that the website sends to the visitor's browser. The browser stores this information in a text file on the user's end device. They help us make our website work better for you. You can read more information about the use of "cookies" in our Policy on the use of cookies, published on the website of the Electronic Store: www………………com.
3. Do we process special categories of personal data?
The Company does not process special categories of personal data of Customers.
4. For what purposes do we process personal data?
The Company processes the Clients' personal data for the following purposes:
• providing information and assistance that you have requested from us;
• individualization and contact with customers and actual owners;
• for all activities related to the existence, modification and termination of relations between the Company and the Client;
• offering and promoting additional services;
• compliance with regulatory requirements;
• implementation of defense in the event of a dispute and cooperation with regulatory authorities to the extent required by law.
If we do not process this personal data, we may not be able to provide you with our services or the assistance you request.
5. On what legal basis do we process personal data?
Customers' personal data is collected, processed and used based on several grounds for processing:
• For the performance of a contract or for entering into pre-contractual relations;
• For compliance with a legal obligation that applies to the Company;
• For the purposes of the legitimate interests of the Company or of a third party, when the rights and interests of the data subjects do not prevail over them - to resolve disputes; to prevent, detect, investigate fraud, violations or other illegal conduct; for the establishment, exercise or defense of legal claims;
• Subject to voluntary consent, when required by applicable law.
6. How long do we store personal data?
The company stores the personal data during the contractual legal relationship and until repayment of the claim under the contract and during a transitional period (e.g. to comply with the obligations related to archiving and storage of accounting data). If and initiates legal or other action, personal data may be retained until the end of such action, including any possible appeal periods, and will then be deleted or archived as permitted by applicable law. More specifically, the various carriers of accounting and tax information containing personal data are stored for a period of 10 years, starting from January 1 of the accounting period following the accounting period to which they refer.
In cases where your personal data is obtained and processed on the basis of your consent, we will only process your personal data to the extent that we have your consent to process your personal data.
7. Who do we share personal data with? Do we share them in third countries?
The Company may, at its own discretion, transfer part or all of the personal data to processors of personal data for the fulfillment of the purposes of processing, subject to compliance with the requirements of the Regulation.
The Company shares personal data with:
• third parties – service providers engaged by us to perform functions or activities on our behalf;
• third parties: regulatory, tax, financial, judicial, administrative and law enforcement authorities, all in accordance with applicable law.
This list is not exhaustive and there may be other lawful purposes for storing, disclosing or otherwise processing your personal data.
The Company shall notify the subject of personal data in case of intention to transfer part or all of his personal data to third countries or international organizations.
8. Are personal data protected?
The Company provides and maintains appropriate technical and organizational measures to protect personal data against unauthorized access or illegal use of personal data and/or against their accidental loss, modification, disclosure, access and/or damage or copying. These measures are intended to ensure the continued protection and privacy of personal data. The company reevaluates the measures regularly in order to achieve permanent security of personal data.
9. Do we perform automated decision-making?
The Company does not perform automated data decision making.
10. What are the rights of the Customers in relation to the protection of personal data?
Each Customer may proceed to exercise the rights specified below by written notice to the Company.
• Withdraw consent for personal data processing
When the processing of a Customer's personal data is based on the Customer's consent to the processing of his personal data, the Customer has the right to withdraw his consent at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent given prior to its withdrawal.
• Right of access
Each Customer has the right to receive confirmation from the Company whether his personal data is being processed by the Company. This includes the right of access to the personal data, the right to receive a free copy of the data (except in cases of excessive and repetitive inquiries), unless otherwise provided in the applicable rules for the protection of personal data, as well as the right of the Customer to be provided with a description of the basic information related to the processing of his personal data.
The Company provides free of charge to the Client a copy of his personal data, which is in the process of processing, but reserves the right to impose an administrative fee, in case of repetition or excessiveness of inquiries.
• Right to rectification
Each Customer has the right to correct or request the Company to correct, without undue delay, inaccurate, incomplete or outdated personal data relating to him.
• Right to erasure (right to be forgotten)
Each Customer has the right to request from the Company the deletion of personal data related to him without undue delay, when any of the following grounds apply:
(i) The personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
(ii) The customer withdraws his consent on which the processing of his data is based and there is no other legal basis for the processing;
(iii) Customer has objected to the processing as set out below;
(iv) The Customer's personal data has been processed unlawfully; or
(v) The Customer's personal data must be deleted in order to comply with a legal obligation under EU law, the law of a Member State or the law of another country;
(vi) the personal data were collected in connection with the provision of information society services.
The Company may refuse to delete the Customer's personal data to the extent that their processing is necessary:
(i) to exercise the right to freedom of expression and the right to information;
(ii) to comply with a legal obligation that requires processing provided for in EU law or Member State law that applies to the Administrator or for the performance of a task in the public interest or in the exercise of official powers conferred on him;
(iii) under para cases of public interest in the field of public health
(iv) for archiving purposes in the public interest, for scientific or historical research or for statistical purposes;
(v) for the establishment, exercise or defense of legal claims.
• Right to restriction of processing
Each Customer has the right to request the Company to limit the processing of his personal data in the following cases:
(i) When disputing the accuracy of the personal data as provided by the Client and processed by the Company (the limitation is for a certain period that allows the Company to verify the accuracy of the personal data);
(ii) When the processing is unlawful, but the Client does not want the Personal Data to be deleted, but instead requires the restriction of its use;
(iii) When the Company no longer needs the personal data for the purposes of processing, but the Client requires them to establish, exercise or defend legal claims;
(iv) When the Customer has objected to the processing and expects the Company to verify whether the Company's legal grounds for processing personal data take precedence over the interests of the Customer.
• Right to object
Each Customer has the right at any time, on grounds related to his specific situation, to object to the processing of personal data concerning him.
A customer can exercise the right only in relation to the processing of his personal data, which is carried out by the Company for the purposes of the legitimate interests of the Company.
In case the objection is well-founded, the Company will stop processing the personal data regarding the objected Customer, unless the Company proves that there are compelling legal grounds for the processing that take precedence over the interests of the Customer.
• Right to data portability
This right includes the following possibilities:
(i) to obtain the personal data in a structured, widely used and machine-readable format in order to transfer it to another controller, or
(ii) obtain a direct transfer of the personal data to another controller, if technically feasible.
• Right to appeal
Every Customer has the right to submit a complaint regarding the processing of his personal data by the Company to the Commission for the Protection of Personal Data, which is the competent supervisory authority.
Commission for the Protection of Personal Data
Address: city of Sofia, p. k. 1592, "Prof. Tsvetan Lazarov" No. 2,
phone (02) 91 53 519, fax: (02) 91 53 525
email: kzld@cpdp.bg
website: www.cpdp.bg
11. What happens in case of change?
In the event of a material change in the way the Company processes the personal data of Customers and/or in the types of personal data it processes and/or in any other aspect of the subject of this notification, the Company will notify the Customers of the relevant change immediately by issuing and giving to Customers an updated version of the notice.